This report summarizes the analysis of attack events detected by SafeLine WAF, outlining key event types and their characteristics:
1. SQL Injection
- Characteristics:
  - Use of SQL keywords like `SELECT`, `UNION`, and conditions like `1=1`.
- Example: Attackers attempt to manipulate database queries by injecting malicious SQL code, aiming to extract or modify sensitive data.
2. XSS (Cross-Site Scripting)
- Characteristics:
  - Malicious JavaScript code snippets such as `<script>`, `alert()`, and the use of special characters `< >`.
  - Common indicator: Popup windows triggered by the attack.
- Example: Inserting harmful scripts into web pages to steal cookies or perform unwanted actions in the user's browser.
3. Backdoor Access
- Characteristics:
  - Direct file reading or execution of trojans through URL manipulation.
- Example: Attackers attempt to execute backdoor malware by appending malicious code to file paths in URLs.
4. File Upload Exploits
- Characteristics:
  - Uploading malicious files, such as one-line trojans or steganographic attacks (e.g., hiding code in images).
- Example: Attackers attempt to upload files containing harmful code. SafeLine WAF automatically scans these files and blocks uploads if malicious code is detected.
5. Code Execution (RCE)
- Characteristics:
  - Use of functions like `system()` to execute arbitrary commands on the server.
  - Frequent use of single and double quotes (`' "`) and escape characters (`\`). Example patterns: `/'b'i'n'/'c'a't' /'e't'c'/'p'a's's'w'd`
  - Use of wildcards (`?`, `*`, `[]`).
- Example: Attackers attempt to exploit vulnerabilities that allow them to run arbitrary commands, gaining unauthorized access to the server.
6. File Inclusion Attacks
- Characteristics:
  - Directory traversal patterns such as `../../` used to navigate through and access unauthorized files.
- Example: Attackers try to include and execute files from directories outside the web root by manipulating file paths.
SafeLine WAF continuously monitors these attack vectors, employing advanced detection techniques to identify and mitigate these threats effectively, ensuring robust web application security.
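To show how the indicators listed above can be matched in practice, here is an added example that is not SafeLine's detection engine or rule set. It covers a subset of the listed indicators, the rule names, helper functions and sample requests are constructed for illustration, and it shows why quote and backslash obfuscation has to be normalized away before matching.

```python
import re
from urllib.parse import unquote_plus

# Illustrative indicator patterns based on the characteristics in this report.
# Assumption: these are simplified stand-ins, not SafeLine's actual rules.
RULES = {
    "sql_injection": re.compile(
        r"\b(union\s+select|select\b.+\bfrom)\b|\b1\s*=\s*1\b", re.I),
    "xss": re.compile(r"<\s*script\b|\balert\s*\(", re.I),
    "code_execution": re.compile(r"\bsystem\s*\(|/bin/\w+", re.I),
    "file_inclusion": re.compile(r"(\.\./){2,}"),
}

def normalize(value):
    """URL-decode, then drop quotes and backslashes used to split keywords."""
    return re.sub(r"['\"\\]", "", unquote_plus(value))

def classify(value):
    """Return the sorted event types whose indicators match the value.

    Each rule is tried against the decoded value and against the
    normalized value, so quote-split tokens are still recognized.
    """
    candidates = (unquote_plus(value), normalize(value))
    return sorted(name for name, rx in RULES.items()
                  if any(rx.search(c) for c in candidates))

# Constructed sample parameter strings (not taken from real traffic).
SAMPLES = [
    "q=' OR '1'='1",
    "name=<script>alert(1)</script>",
    "cmd=/'b'i'n'/'c'a't' /'e't'c'/'p'a's's'w'd",
    "page=..%2F..%2Fconfig.ini",
    "q=select+a+plan&page=1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {classify(sample) or ['clean']}")
```

A rule applied only to the raw string misses the quote-split command pattern from the Code Execution section, while the normalized form matches it.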